On 4 December 2017, someone posted a file containing the usernames and plaintext passwords of 300,000 users to a hacker forum. An analysis of the dump, which was still available for download as of 27 December 2017, suggests the hackers infiltrated the domain rsl[dot]rootsweb[dot]ancestry[dot]com. They then stole the information from a server maintained by Ancestry.com for RootsWeb, a free online genealogical community which allows members to participate in mailing lists and message boards.
As reported by HackRead, independent security researcher Troy Hunt ultimately found the data dump. His investigation indicates that the breach occurred in 2015 and that Ancestry.com was unaware of the incident at the time. He then reached out to the for-profit genealogy company and gave it the file.
Ancestry.com’s information security team subsequently reviewed the file and determined that the information contained therein was legitimate. Tony Blackham, CISO of the service, explains more of what the security personnel found:
Though the file contained 300,000 email/usernames and passwords, through our analysis we were able to determine that only approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers. As part of our investigation, our team also uncovered other usernames that were present on the RootsWeb server that, though not …
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/data-breach-exposes-300k-rootsweb-users-login-credentials/